DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

Industry Hot News

Industry Hot News (434)

When a fleet of monster trucks, canoes, jon boats, motor boats, kayaks, and the Cajun Navy make their way into town, you know it’s too late to make a readiness plan in advance of hurricane season. By that point, you’re probably standing in floodwaters up to your waist (or higher), and you’re realizing that your business is about to come to a screeching halt, along with the added concerns for property, plant, and possessions – both personal and professional.

But when an 18-wheeler equipped with modern workstations, Internet connectivity, telephones and printers – not to mention heating and air conditioning, 50 workspace seats, dozens of rack-mounted servers and high-speed satellite communications – rolls into town, you know you’re in good hands.

That’s what happened last week in Houston, the bullseye of 2017’s Hurricane Harvey, as Sungard Availability Services (Sungard AS) brought one of its seven Mobile Recovery Units (MRUs) to its Houston North Datacenter to bring attention to National Hurricane Preparedness Week. With the beginning of the 2018 Atlantic Hurricane season just two weeks away, Sungard AS wanted to make sure that Houston-area business and civic leaders were aware that business resilience is critical to weathering the next catastrophic natural disaster.



Damage to reputation or brand, cyber crime, political risk and terrorism are some of the risks that private and public organizations of all types and sizes around the world must face with increasing frequency. The latest version of ISO 31000 has just been unveiled to help manage the uncertainty.

Risk enters every decision in life, but clearly some decisions need a structured approach. For example, a senior executive or government official may need to make risk judgements associated with very complex situations. Dealing with risk is part of governance and leadership, and is fundamental to how an organization is managed at all levels.

Yesterday’s risk management practices are no longer adequate to deal with today’s threats and they need to evolve. These considerations were at the heart of the revision of ISO 31000, Risk management – Guidelines, whose latest version has just been published. ISO 31000:2018 delivers a clearer, shorter and more concise guide that will help organizations use risk management principles to improve planning and make better decisions. Following are the main changes since the previous edition:



There must be something special about the number nine.

When we talk about looking our best, we speak of dressing to the nines. When we’re happy, we talk about being on cloud nine. And when we talk about doing something thoroughly, we speak of going the whole nine yards.

As it happens, nine was also the number I hit on when I sat down to answer the question: What are the characteristics of a top-flight business continuity management program? (I was obliged to do this when writing the ebook we recently published, “10 Keys to a Peak-Performing BCM Program,” which you can download for free here.)

These are the nine qualities that we at MHA Consulting consistently strive to attain in serving our clients.



Within Business Continuity circles there is ongoing debate about the relevance and role of Risk Assessment in developing a BCM program. Having been in the industry for more than 20 years, I understand the issue from both the sides.

Traditional, formalized Risk Assessment aims to identify the threats to which our organization is vulnerable. Once this threat-vulnerability pairing is identified, the next step is to assign a probability of such an occurrence – based on experience or other external source material.  Next, the impact of the threat happening must be assessed.  The combination of Probability and Impact – Low Probability/High Impact vs. High Probability/Low Impact (and other options in between) provides the ability to stratify risks.

Once risks have been assessed, strategies can be developed to mitigate or reduce their potential impact on our operations. This is the risk mitigation approach in a nut-shell.



Friday, 18 May 2018 13:16

Threats, Impacts, BCPs

(TNS) - When the doctors and nurses at Sunrise Hospital in Las Vegas found themselves inundated with victims of October’s mass shooting at a country music festival there, their heroic efforts to save lives and stem the carnage relied heavily on expertise developed by a renowned New Orleans surgeon.

The late Dr. Norman McSwain, who for years headed the trauma center at Charity Hospital in New Orleans, pioneered many of the techniques put to use in the chaotic hours after the shooting, said Dave MacIntyre, a trauma surgeon at Sunrise.

“I’m telling you, you guys had the best here teaching you,” MacIntyre said of McSwain, who died in July 2015. The trauma center at University Medical Center in Mid-City is named after him.



Active shooter incidents are on the rise in US, and your organization is most definitely at risk.

Quoting FBI statistics, the National Fire Protection Association reports that “an average of 6.4 active shooter events occurred annually in the U.S. from 2000 to 2006. From 2007 to 2013, that average more than doubled, to 16.4. From 2014 to 2015, it climbed to 20.”  The FBI reported that from 2000 to 2013 alone 160 “active shooter” incidents in the US resulted in over 1000 people killed and wounded.

Whether yours is a business, school, religious institution, government office, day care center – any organization – you simply have to be prepared for this all-to-common deadly violence. If you don’t have a crisis plan in place, stop reading this immediately. Your first priority is to get a plan in place as soon as possible. On the other hand, if you do have a crisis plan in place, that plan, along with your organization’s response team, needs to be tested and evaluated in a tabletop exercise specifically focused on an active shooter scenario.

To make your active shooter exercise as productive as possible, it actually must be designed to test two separate but related components: 1) the decision-making by your organization’s leadership and, equally important, 2) how well your employees would respond during an active shooter event. Unlike many other kinds of crises your organization might face, your employees have the potential, along with law enforcement, “to affect the outcome of an (active shooter) event based on their responses,“ according to the FBI report.



Thursday, 17 May 2018 16:21

Active Shooter: 4 Tabletop Exercise Tips

When leadership issues a corporate mandate, employees are expected to execute on it. But what happens when a mandate is clear, but workers are not given the resources to do the work?

During the 2018 Enaxis Leadership Forum, surveyed participants reported that 92% of their organizations have established, or planned to establish, a digital strategy as a high-priority of the organization within the next 12 months. This is an overwhelming endorsement of the importance of establishing digital strategies as core strategic targets. Organizations recognize the effects digital transformations are having across industries, and a significant majority have already prepared themselves to act upon it. This was found to be true across a variety of industries, which highlights how pervasive digital transformations are becoming across all businesses.

Despite this significant intended adoption, however, a major fissure is likely to hinder organizations from following through on their vision. The fissure? Lack of funding.



When an emergency occurs, your team must be ready for any eventuality.

That could mean everything from knowing where the closest exits are in case of fire to understanding how to communicate with vendors and customers in case of an extended power outage or cyber-attack. Unfortunately, many organizations are under-equipped to share the information with the right people at the right time — a requirement to ensure seamless operations can continue even under duress.

Damaging Emergencies

In any given year, there are hundreds of workplace homicides, making workplace violence and active shooter situations a reality that must be addressed. With over 40% of small businesses failing to re-open after a weather-related or another major disaster, the evidence is clear that emergencies must be handled in a timely and proactive manner. Whether disasters are caused by human action or by nature, effective communication is cited by human resources professionals as being a critical part of disaster recovery.

Notes David Rusenko, CEO, and founder of Weebly, “It’s hard to figure out where to prioritize when your business is hit by a natural disaster. While you get organized and figure out a plan, it’s critical to communicate as quickly and transparently as possible with your existing customers and new customers who are searching for you online.”

Crisis communication can take many forms, including instant notifications triggered by operations, technology or human resources personnel. This communication lets employees know how to continue operations during an outage or how to signal that they are safe during an active shooter incident, just to list a couple of examples. Without a comprehensive communications platform in place, it can be much harder to ensure that everyone has made it to safety.



Here’s a modest proposal that will save basketball fans and their families a great deal of time and stress over the next month.

As you probably know, the NBA Conference Finals just got underway, with the Celtics and Cavaliers dueling in the Eastern conference finals and the Rockets and Warriors playing to determine the champs of the Western Conference. Then the winning teams will face each other in a best out of seven series to determine the league champion.

But unfortunately, along the way basketball fans will have to experience a lot of anxiety and aggravation while throwing away many hours of their lives which they can never get back.

There’s an easier way.

Why doesn’t the NBA, instead of holding all those games, just collect the four teams’ practice records and award the championship to which ever has spent the most time doing shooting drills?

It would be quick, efficient, and over in 15 minutes.

And clearly there’s a direct correlation between which team conducts the most practice drills and which plays the best, right?

Wrong, obviously.

You see what this would amount to, right? Awarding the title based on a metric that is only of limited, private significance to each team (within the context of its efforts to improve), instead of based on a metric that really does matter, namely which team performs the best through all the matchups of the playoffs and finals.

Unfortunately, this is the approach many business continuity managers take in quantifying and measuring aspects of their program.



The Greek philosopher Heraclitus is known for his statement, “The only constant is change.”  Personally, I embrace change.  After all, if things did not change we would get bored with the mundane.  Along those lines, I recently decided it was time for a change in my career and joined BC in the Cloud this year.   After spending nearly 20 years in the pharmaceutical industry I prepared myself for a tidal wave of change and a steep learning curve.  Now with a few months in the field, I am pleasantly surprised to find I was more prepared than I thought, thanks to the years I spent as a volunteer firefighter.

How could firefighting prepare you for a job in a company that provides a planning platform for business continuity and disaster recovery?  You may be surprised by the similarities.

Firefighting is all about planning and preparing for an emergency.  As a firefighter you never know when the alarm will sound or what that next call might bring.  This is no different than what business continuity practitioners do for the businesses they support.   In business continuity plans are created and those plans are tested through a variety of exercises.  When an incident occurs, the plans become the backbone of how a business responds, hopefully with as little disruption and impact as possible.



Wednesday, 16 May 2018 14:48

Putting Out Fires

Page 1 of 3